Adrian Lauf, William H. Robinson, Alan Peters
Citation
Adrian Lauf, William H. Robinson, Alan Peters. "A distributed intrusion detection system for resource-constrained devices in ad-hoc networks". Elsevier Ad-hoc Networks, 8(3):253-266, May 2010.
Abstract
This paper describes the design and implementation of a two-stage intrusion detection system
(IDS) for use with mobile ad-hoc networks. Our anomaly-based intrusion detection is
provided by analyzing the context from the application-level interactions of networked
nodes; each interaction corresponds to a specific function or behavior within the operational
scenario of the network. A static set of behaviors is determined offline, and these
behaviors are tracked dynamically during the operation of the network. During the first
stage of the IDS, our detection strategy employs the analysis of global and local maxima
in the probability density functions of the behaviors to isolate deviance at the granularity
of a single node. This stage is used to capture the typical behavior of the network. The first
stage also provides tuning and calibration for the second stage. During the second stage, a
cross-correlative component is used to detect multiple threats simultaneously. Our
approach distributes the IDS among all connected network nodes, allowing each node to
identify potential threats individually. The combined result can detect deviant nodes in a
scalable manner and can operate in the presence of a density of deviant nodes approaching
22%. Computational requirements are reduced to adapt optimally to embedded devices on
an ad-hoc network.
Electronic downloads
- lauf_adhocnetworks_printed.pdf · application/pdf · 978 kbytes
| Citation formats |
- HTML
Adrian Lauf, William H. Robinson, Alan Peters. <a href="http://www.truststc.org/pubs/665.html" >A distributed intrusion detection system for resource-constrained devices in ad-hoc networks</a>, <i>Elsevier Ad-hoc Networks</i>, 8(3):253-266, May 2010.
- Plain text
Adrian Lauf, William H. Robinson, Alan Peters. "A distributed intrusion detection system for resource-constrained devices in ad-hoc networks". <i>Elsevier Ad-hoc Networks</i>, 8(3):253-266, May 2010.
- BibTeX
@article{LaufRobinsonPeters10_DistributedIntrusionDetectionSystemForResourceconstrained, author = {Adrian Lauf and William H. Robinson and Alan Peters}, title = {A distributed intrusion detection system for resource-constrained devices in ad-hoc networks}, journal = {Elsevier Ad-hoc Networks}, volume = {8}, number = {3}, pages = {253-266}, month = {May}, year = {2010}, abstract = {This paper describes the design and implementation of a two-stage intrusion detection system (IDS) for use with mobile ad-hoc networks. Our anomaly-based intrusion detection is provided by analyzing the context from the application-level interactions of networked nodes; each interaction corresponds to a specific function or behavior within the operational scenario of the network. A static set of behaviors is determined offline, and these behaviors are tracked dynamically during the operation of the network. During the first stage of the IDS, our detection strategy employs the analysis of global and local maxima in the probability density functions of the behaviors to isolate deviance at the granularity of a single node. This stage is used to capture the typical behavior of the network. The first stage also provides tuning and calibration for the second stage. During the second stage, a cross-correlative component is used to detect multiple threats simultaneously. Our approach distributes the IDS among all connected network nodes, allowing each node to identify potential threats individually. The combined result can detect deviant nodes in a scalable manner and can operate in the presence of a density of deviant nodes approaching 22%. Computational requirements are reduced to adapt optimally to embedded devices on an ad-hoc network.}, URL = {http://www.truststc.org/pubs/665.html} }
Posted by Adrian Lauf, Ph.D. on 29 Mar 2010.
Groups: trust
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.